Security

Security | News, how-tos, features, reviews, and videos

programming code development split screen display
CSO slideshow - Insider Security Breaches - Flag of China, binary code

Selecting the right people.

Security Recruiter Directory

To find the right security job or hire the right candidate, you first need to find the right recruiter. CSO's security recruiter directory is your one-stop shop.

Admission tickets in an digital network / access / admittance / authorization / authentication

What is OAuth? How the open authorization framework works

OAuth is an open-standard authorization protocol or framework that describes how unrelated servers and services can safely allow authenticated access to their assets. It is widely accepted, but be aware of its vulnerabilities.

Fraud / deception / social engineering  >  A wolf in sheep's clothing in a binary environment.

10 signs you're being socially engineered

Scammers will try to trick you and your organization's users into giving up credentials or other sensitive date. Be skeptical if you see any of these signs.

DDOS attack

Misconfigured WS-Discovery in devices enable massive DDoS amplification

Researchers were able to achieve amplification rates of up to 15,300%. Some mitigations are possible.

Botnet Trouble / Botnet army

Secrets of latest Smominru botnet variant revealed in new attack

Researchers gained access to a Smominru command-and-control server to get details on compromised devices and scope of the attack.

Credential theft  > A thief steals a password.

How to detect and halt credential theft via Windows WDigest

Attackers can steal user credentials by enabling credential caching in the Windows authentication protocol WDigest. Here's how to stop them.

Two business people shake hands with a third at a meeting, surrounded by question marks.

6 questions candidates should ask at every security job interview

The cybersecurity skills shortage means security pros can be picky about where they work. Here's how to suss out bad employers.

cssg 025 thumb
video

How to monitor Windows to prevent credential theft attacks

Attackers are now enabling WDigest credential caching to allow them to harvest credentials. Here’s how to spot it.

tf19 054 thumb
video

All about U.S. tech antitrust investigations | TECH(feed)

Four large tech companies -- Apple, Amazon, Google and Facebook are under investigation in the U.S. for allegedly anticompetitive behavior. These antitrust investigations on both the federal and state levels are aimed at uncovering...

network security / network traffic scanning

Review: Blue Hexagon may make you rethink perimeter security

This fully functional, fully trained cybersecurity tool is ready on day 1 to spot threats on whatever network it’s charged with protecting.

Email encryption  >  A key + a three-dimensional 'at' symbol bearing a series of locks.

The top 5 email encryption tools: More capable, better integrated

Most of the email encryption solution vendors have broadened the scope of their products to include anti-phishing, anti-spam, and data loss prevention (DLP).

golden egg / nest / numbers / precious value / worth / growth

Three strategies to prove security's value

How CISOs can identify and quantify security’s value in real dollars

shadow flashlight shadowy investigation

Shining light on dark data, shadow IT and shadow IoT

What's lurking in the shadows of YOUR organization? What you don't know can hurt you. Insider Pro columnist Mike Elgan looks at how your business is at risk and offers six steps to minimize it.

financ credit pos

What is PSD2? And how it will impact the payments processing industry

The EU’s revised Payment Services Directive (PSD2), which include multifactor authentication for online European payment card transactions, will have a ripple effect on the payments processing industry in the U.S. and elsewhere.

Let's Encrypt automated encryption gears

SOAPA vs. SOAR: How these security terms differ

SOAPA and SOAR are vastly different. Security orchestration, automation, and response (SOAR) tools represent a component of a security operations and analytics platform architecture (SOAPA).

Brexit / privacy  >  Binary data + a U.K. umbrella drifting away on a sea branded with an E.U. flag

Privacy Shield and Brexit: What now? What next?

Once the UK leaves the European Union, companies on both sides of the Atlantic will need to act to ensure compliant data flows between the UK and US under Privacy Shield.

cybersecurity controls

The 5 CIS controls you should implement first

The CIS Critical Security Controls list (formerly the SANS Top 20 controls) has been the gold standard for security defense advice. These are the tasks you should do first.

Cyber insurance  >  Umbrella hub protecting connected devices + online activities in binary world.

Implementing a successful cyber insurance program: Key steps and considerations

In a first, a Black Hat micro summit explains how insurers assess risk to write cyber insurance policies as more organizations seek to indemnify themselves against potential breach losses.

Load More